Chuck
I'm really sorry to post birthday-congrats into this list, however: One of the dinosaurs and most helpful souls of this list is enjoying his birthday today, if I'm not mistaken. Therefore, Chuck, all the best and have a great day! Besides, thanks again for all the help you've provided to this list so far. Cheers! Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi gplus.to/gregor twitter.com/#/2smart4u - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to access session between multiple contexts?
Hi Chris, first, thanks for your answer, I really do apprecciate it! On Thu, Apr 28, 2011 at 5:00 PM, Christopher Schultz ch...@christopherschultz.net wrote: Gregor could cheat and write a session-data-fetch servlet in the main webapp and call it from the ancillary webapp. Just use URL-based session ids when you call and it should work. Well, as I wrote before, the CMS (Jahia) runs in the ROOT-context. I'd like, if possible, Jahia being untouched, so that I can deploy any hotfixes without having to worry about my tweaks. Gregor, what are your options for simply adding your code to the CMS webapp and not bothering with the added complexity of a second webapp? Well, we do have a support-contract with Jahia Group, and we've opened tickets for that issue, but to no avail. They told us some options using session-attributes, but therefore I have to - you guess it - the session... I don't even know what security-mechanism they are using: Seems some mixture of Spring / CAS, both components where I don't know my ways through. What I've been expecting was to get a cooking-receipe where they have a helloworld-servlet in it's own context, which is integrated into their security-mechanism, but they just don't provide it - for whatever reason I just can't see. Well, we decided for Jahia and signed the contracts already, so there are not too many options. Jahia itself is using portlets heavily, which can be deployed into Jahia as war-files. So my last shot is to migrate our legacy-servlets into portlets, but that's a whole bunch of work, which is blowing up our estimates. I'm just wondering if no other Jahia client has the requirement to connect to any legacy servlets: Maybe they all dumped their old stuff and developed from scratch.. Thanks anyway! Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to access session between multiple contexts?
Hi there, somehow I'm stuck here: We do have a pre-packaged Tomcat 6 which contains our new CMS, running on Gentoo Linux. The ROOT-app contains the aboved mentioned CMS. Now I do have to integrate some legacy servlets residing each in it's own Context, and for aurthorization-issues I have to access some sesson-attributes. I have enabled the SingleSignOnValve (although authorization is handled via some Spring-stuff) but I thought it is needed to share the session among different contexts. I wrote a very simple test-servlet, which should dump the session-attributes: protected void doGet(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletException, IOException { PrintWriter out = aResponse.getWriter(); out.println (Auth-Type: + aRequest.getAuthType()); out.println (Remote User: + aRequest.getRemoteUser()); Principal prince = aRequest.getUserPrincipal(); if (prince == null) { out.println (Principal is null); } else { out.println (Principal: + prince.getName()); } HttpSession session = aRequest.getSession(); if (session != null) { EnumerationString e = session.getAttributeNames(); while (e.hasMoreElements()) { String attName = e.nextElement(); out.println (Attribute + attName + , value: + session.getAttribute(attName)); } JahiaUser user = (JahiaUser)aRequest.getSession().getAttribute(org.jahia.usermanager.jahiauser); JahiaSite site = (JahiaSite)aRequest.getSession().getAttribute(org.jahia.services.sites.jahiasite); if (site != null user != null) { int siteID = site.getID(); out.println (user.isMemberOfGroup(siteID, users) ? authorized:not authorized); } } else { out.println (session is null!); } out.close(); } I do understand that there's not Primcipal since it's not container-based security, but I was expecting that all attributes which can be retrieved from within the ROOT-context would show up in different Contexts also. However, they don't. Sure, chances are I have some musconfiguration here, but could somebody simply tell me what I have to do to share session-attributes between different Contexts? Is my modus operandi correct or isn't it possible in general? TIA Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: New jsvc (commons-daemon-native); catalina.out is owned by root - WTF?
Chris, On Wed, Dec 1, 2010 at 10:10 PM, Christopher Schultz ch...@christopherschultz.net wrote: I agree with Mladen: MySQL doesn't actually need root privileges for anything at all, so this is a good description of your desires, but not a really great example. Tomcat doesn't root-privileges either in our situation. We#re not even running on a privileged port (yet). However, where planning to kick out Apache soon and will be running our sites on Tomcat only - that's why we're already using jsvc (call it kond of a test). Still, our security-guidelines demand that Tomcat can only be started / stopped by either a user with root privileges or by a user having those privileges via the sudo-command. On the other hand, the devekopers responsible for their application have to be able to read the logs. Besides, all logs are owned by tomcat:tomcat (as it should be) - the only exception is catalina.out. I guess you agree that this is not what somebody would call consistent behaviour... What does directory is already umasked mean? AFAIK, you can't umask a directory. Do you mean you're using sticky bits? Sorry, my fault: Our general umask is set to 0022 - still, jsvc give root-owbership to catalina.out Is it possible that if catalina.out already exists and is owned by, say, tomcat, that it's ownership will be retained when jsvc opens it for append? If that's the case, you may have simply deleted the file during your upgrade and had it re-created by jsvc (owned by root) after the fact. You picked the right thing here: When catalina.out is owned by tomcat:tomcat, jsvc opens that file for append and doesn't change the ownership. I wouldn't bet my bottom penny on the possibility that with the chowned catalina.out manually to tomcat:tomcat, but I'm quite sure that the ownership was not changed by us before. Unfortunately, I don't have the time to do a check on that one right now. Can you tell us what version of jsvc you were using in the past, and what version you're using now? Before, we've been using an acrhive called jsvc.tar.gz, browsing the CHANGES.txt gives === [ snip ]= JAKARTA COMMONS DAEMON (UNIX) CHANGELOG: Last modified at [$Date: 2005-05-17 10:03:57 +0200 (Tue, 17 May 2005) $] Changes with 1.0.1 === [ snap ]= Now, we're using an archive called commons-daemon-native.tar.gz. Browsing the file RELEASE_NOTES.txt gives === [ snip ]= $Id: RELEASE-NOTES.txt 915160 2010-02-23 03:32:02Z billbarker $ Commons Daemon Package Version 1.0.2 === [ snap ]= Since my workaround seems to be doing what we're expecting, I suggest we call this case closed. Thanks for your support! Cheers Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: New jsvc (commons-daemon-native); catalina.out is owned by root - WTF?
Mladen, On Thu, Dec 2, 2010 at 12:37 PM, Mladen Turk mt...@apache.org wrote: On 12/02/2010 12:05 PM, Gregor Schneider wrote: If your developers need to see the stdout of the Tomcat on the production server then you have a serious problem. The first one that I find (well funny) is that they can access the box at the first place. I disagree: Why should that be a problem? I feel that ppl have a problem if they mistrust their developers in so far that they have to lock their box even to their own developers maintaing the apps. And I'm not talking about full access but I'm talking about browsing the logs. Besides, when having a production-problem, one can react quickly if the developer responsible for the app can read the logs. OTOH, some ppl might have no problems with outages and can wait for the logs being mailed / ftp'ed / whatsoever by the usally always busy server-admins...*sic* Cheers Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: New jsvc (commons-daemon-native); catalina.out is owned by root - WTF?
Konstantin, On Tue, Nov 30, 2010 at 9:42 PM, Konstantin Kolinko knst.koli...@gmail.com wrote: The above one is tomcat-native, aka Tomcat-Apr, a library that provides code for Http11AprProtocol and AjpAprProtocol connectors. This one is commons-daemon, which gives you jsvc. http://commons.apache.org/daemon/jsvc.html Thanks for pointing me to this - I got mixed up since both contain native within their archive-names. Thanks! Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: New jsvc (commons-daemon-native); catalina.out is owned by root - WTF?
Christopher, On Tue, Nov 30, 2010 at 10:33 PM, Christopher Schultz ch...@christopherschultz.net wrote: Apache httpd acts this way: Sure, since Apache is usually started within root-context (sbin) - so that does make sense. When talking about servers, I'm not talking about a webserver but a server such as Debian, RedHat etc. And if you take a look into /var/logs, you can see exactly, that the logs inside this directory partly don't belong to root as long as they are not run within a root-context. A good example ist mysql: -rw-rw 1 mysql adm 344379 2009-09-30 12:13 mysql-full.log And this is exactly the way it should be. For the rest, I'm completely with you, and the solutions you pointed out will work and already crossed my mind, except that the directory is alreday umasked to 0022, still, catalina.out gives -rw--- 1 root root7395 2010-12-01 11:51 catalina.out Any hints on that? But what's really puzzling me - and for which I don't have any explanation - is, that with the old version of jsvc, catalina.out had ${TOMCAT_USER}-ownership (mind you: in the startup-script there's a su ${TOMCAT-USER} before starting jsvc), and to me it seems that this has changed with the new version. Furthermore, I'd like to give you some insights of a Real Life-external-managed-services-root-server-installation within a big financial coperation: Here - and in quite some other companies I do know - it's common practice to host the servers externally, having managed services. Usually, this implies that you don't have root-access, simply for liability-reasons. However, only basic Tomcat-maintenance is done by the external hoster, and when deploying new webapps, our developers need to be able to read al logs. Therefore, such a behaviour as seen by the latest jsvc is making developer's life quite complicated. Anyhow, I guess I'll go for a chown inside the startup-script for now. Thanks Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: New jsvc (commons-daemon-native); catalina.out is owned by root - WTF?
Hi André, long time no see ;) On Wed, Dec 1, 2010 at 12:20 PM, André Warnier a...@ice-sa.com wrote: As far as I know, these startup scripts are created by the packagers of Debian, RedHat etc.. when they wrap Tomcat in a platform-specific package. /They/ are the ones who decide how they call up jsvc, where the logfiles go, under what permissions etc.. That's actually not the case: The startaup-script for Tomcat native comes with the jscv-sources, meaning it's *not* some pre-packaged Debian-thing. However, I guess I know what's going on: The script is started from user Tomcat via sudo. One parameter for jsvc is the parameter user. When invoking jsvc with --help, is says: - [ cut] -user user user used to run the daemon (defaults to current user) - [ cut] Seems somehow to work, since a ps -aux | more | grep tomcat gives tomcat 29386 0.9 3.4 1651348 139244 ? Sl 16:31 0:25 jsvc.exec -user tomcat -home /home/tomcat/local/jdk15/ -Dcatalina.home=/home/tomcat/local/tomcat55/ -Dcatalina.base=/home/tomcat/local/tomcat55/ -Djava.io.tmpdir=/var/tmp -Dlog4j.configuration=log4j.xml -wait 10 -pidfile /var/run/jsvc.pid -outfile /home/tomcat/local/tomcat55//logs/catalina.out -errfile 1 -Xmx1024m -XX:PermSize=256m -XX:+DisableExplicitGC -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=/home/tomcat/local/tomcat55//conf/logging.properties -Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n -cp /home/tomcat/local/jdk15//lib/tools.jar:/home/tomcat/local/tomcat55//bin/commons-daemon.jar:/home/tomcat/local/tomcat55//bin/bootstrap.jar org So you can clearly see, that the process is started from user tomcat, although the startup-script is started in root-context (due to the sudo-command). jsvc is *not* forking a jvm, but wrapping it and starting it with it's own user-context, although it's supposed to change the user-context according to the help-text I've listed above. And I would be so picky if it had the same behaviour with version 5.5.20, but in 5.5.20 catalina.out had tomcat-ownership. So it seems, somebody changed something here, and I'm even too dumb to find anything in the changelogs, which I wouldn't like at all, either being a tomcat-user or a comitter... For the time being, I put this little fix into the startup-script, but still, I'm not too happy with this hack: # # workaround to prevent root-ownership for catalina.out # if [ ! -f $CATALINA_HOME/logs/catalina.out ]; then touch $CATALINA_HOME/logs/catalina.out chown $TOMCAT_USER $CATALINA_HOME/logs/catalina.out else OWNER=`ls -l $CATALINA_HOME/logs/catalina.out | grep $TOMCAT_USER` if [ -z $OWNER ]; then chown $TOMCAT_USER:$TOMCAT_USER $CATALINA_HOME/logs/catalina.out fi fi # # end workaround # Cheers! Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
New jsvc (commons-daemon-native); catalina.out is owned by root - WTF?
Hi guys, we had some issues due to a memory-leak here and used this opportunity to upgrade our Tomcat from 5.5.20 to 5.5.31. Here's our current environment: tom...@www2:~/local/tomcat55/bin$ ./version.sh Using CATALINA_BASE: /home/tomcat/local/tomcat55 Using CATALINA_HOME: /home/tomcat/local/tomcat55 Using CATALINA_TMPDIR: /home/tomcat/local/tomcat55/temp Using JRE_HOME:/home/tomcat/local/jdk15/ Using CLASSPATH: /home/tomcat/local/tomcat55/bin/bootstrap.jar Server version: Apache Tomcat/5.5.31 Server built: Sep 4 2010 12:53:08 Server number: 5.5.31.0 OS Name:Linux OS Version: 2.6.18-3-amd64 Architecture: amd64 JVM Version:1.5.0_10-b03 JVM Vendor: Sun Microsystems Inc. The interesting options inside our startup-script are [ ...] TOMCAT_USER=tomcat [...] echo Starting tomcat $DAEMON_HOME/bin/jsvc \ -user $TOMCAT_USER \ -home $JAVA_HOME \ -Dcatalina.home=$CATALINA_HOME \ -Dcatalina.base=$CATALINA_BASE \ -Djava.io.tmpdir=$TMP_DIR \ -Dlog4j.configuration=log4j.xml \ -wait 10 \ -pidfile $PID_FILE \ -outfile $CATALINA_HOME/logs/catalina.out \ -errfile '1' \ $JAVA_OPTS \ $CATALINA_OPTS \ -cp $CLASSPATH \ org.apache.catalina.startup.Bootstrap exit $? ;; What's really puzzling me, is, that since we upgraded Tomcat, catalina.out is not owned by the user specified in $TOMCAT_USER any more but is owned by root. All other files are owned by $TOMCAT_USER as expected. What did we change? Well, in the old version, there was the archive tomcat-native.tar.gz containing the sources for the native wrapper. Now, with Tomcat 5.5.31, there's a new archive commons-daemon-native.tar.gz, which also contains the native wrapper sources - however, the old one is also coming with the 5.5.31-distribution. I couldn't find anything in the docs saying we've changed the native-wrapper-implementation - use the new one or similar. So I guessed that the old one might be depricated, so I used the sources from commons-daemon-native.tar.gz. Works like charm, the only catch is, as described above, that catalina.out now is owned by root. Before, said file was owned by $TOMCAT_USER This is really a PITA, since we don't want to grant root-access to the Tomcat-developers. Could somebody in this list please explain, either what I'm missing here, and also, what's the difference between the two native-wrapper-versions? When checking for the jsvc-parameters with ./jsvc -help, I recognized that the parameter -user didn't change. I'm aware that I could patch the startup-script by inserting something like chown ${TOCMAT_USER} ${CATALINA_HOME}/logs/catalina.out, however, to me this seems only like the 2nd best solution. Any hints very much appreciated! Cheers Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: New jsvc (commons-daemon-native); catalina.out is owned by root - WTF?
Mladen, Believe it or not, this is intentional and correct behavior. Almost any server behaves like that. thanks for sharing your views on this one, which I, however, do not share at all besides, no server behaves like you're stating: if an application is started in a non-root-context and producing any output such as log-files, those files usually are owned by the user in whose context the application is running. besides, superuser root can watch / edit those files anyway. and what sense should any generated output make, if the app-owner is not able fo read those files, esp. when those files contain stuff such as logging-information? therefor, in my humble oppinion, i'd consider such a behaviour as a bug violating one of the essential patterns called delegation. so much for that, if you'd like to share any information, if this behaviour within the native wrapper has been changed intentionally and if so, why it has been changed, i'd really appreciate this. same goes for fhe possibility if i misconfigured anything. thanks best regards gregor
Re: Jailrootting
2010/6/18 Mikolaj Rydzewski m...@ceti.pl: Luca Gervasi wrote: i can read my /etc/passwd from a malicious jsp. Where can i find infos on limiting filesystem access / visibility ? 1st thing to do: run tomcat as user tomcat (or whatever username u like) with limited rights - that should at least fix the possibility to cat /etc/passwd cheers gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question to post to the list
is the environment-variable $logs specified? rgds gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question to post to the list
Pid, I believe the problem here is that Fiona tried to use File=$\{logs\}/stdout.log However, this will only work if an environment-variable logs is defined - which is IMHO no default configuration. Cheers Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: simple, fast to setup, javabased CMS for small sites? (not really OT I think )
Have a look at www.jahia.org. It's a really powerful java based CMS, setup procedure is a walk in the park. Beside the EE-version ($$$) there's a community-edition for free, having most of the features of the EE edition. They have a big community, so support's also there. Cheers Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting APACHE in front of a stand-alone Tomcat Server
Sorry if I drop in here getting a bit off-topic, howver: On Mon, May 17, 2010 at 1:54 PM, Pid p...@pidster.com wrote: On 17/05/2010 12:36, Stephen . wrote: HTTPD can handle authentication, or Tomcat can, but not both at the same AFAIK. The AJP Connector will need it's 'tomcatAuthentication' attribute set to 'false' in the former case. was never aware of said attribute. what i'd like to know: from the docs, it says: tomcatAuthentication If set to true, the authentication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native webserver and used for authorization in Tomcat. The default value is true. hm, that puzzles me a bit... does it also work vice-versa, meaning that autorization is handled by tomcat and then passed back to native httpd? would be a real bummer if we could dump that mod_auth_cookie_mysql-stuff... cheers gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: help : Tomcat 6.0.20 session replication not working
On Wed, May 12, 2010 at 3:51 PM, o-rabbit rju...@gmail.com wrote: Is there something more I need to do?? yes: read the clustering-how-to: http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html rgds gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: help : Tomcat 6.0.20 session replication not working
On Wed, May 12, 2010 at 7:21 PM, o-rabbit rju...@gmail.com wrote: I am glad everyone does not think like you do! FYI: André is well know to this group as one of the persons trying their very best to help anybody having problems regarding Tomcat. If you didn't receive any answer helping you out of your misery yet, it simply means that noone has any idea why you're facing the problems. Tomcat clustering incl. session replication is known to work very well, and lb'ing with a fronted httpd using mod_jk is also a very common scenario known to work very well. It's pretty likely that some information to solve your issue is missing in the information you gave us. Since you spent only a few sentences describing your problem, for me it was natural to first point you to the according docs. And no, it's not as you stated that most ppl posting their questions here read the docs *before* they are posting here - that's why I pointed you to the docs hoping they might give you some clues. Anyways, just move ahead with your behaviour, pissing ppl like André off. I suggest you also insult Chuck, Mark and Pid, meaning that you'll have those guys off your list of *volunteers* which might be able to shed some light. Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running PHP 5.2.X on Tomcat 5.5?
On Tue, May 11, 2010 at 7:53 AM, Gregers Blach gregbl...@netscape.net wrote: PHPMyAdmin would be a very nice add-on in order to better support MySQL databases. ...and likely to dig a few security wholes... if you really, really want to go for php, esp. PHPMyAdmin, be sure to configure it to listen on localhost only and tunnel the access via ssh. Furthermore, I'd install httpd, make it listen on localhost only (see above). However, the solution we're having here is: - Use DBVisualizer on the client (pure Java) - make the MySQL listen on local host only - tunnel the access to MySQL via ssh Rgds Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running PHP 5.2.X on Tomcat 5.5?
On Tue, May 11, 2010 at 10:28 AM, Gregers Blach gregbl...@netscape.net wrote: Hi all, 1. No one recommends running PHP on Tomcat. Instead running httpd is recommended. right 2. No one is able to provide me with a guide for setting up Tomcat to run PHP. I guess this must be because no one does this... :o) To bad - I really would have liked to see it work. wrong - it's simply noone likes the idea. btw, googeling for PHP Tomcat would have shown you the following link as 1st hit: http://wiki.apache.org/tomcat/UsingPhp So it is possible, but you might not like what's written there Rgds Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Help:tomcat 6.0.18 showdown automatically!
No idea if it has to do with your problem, but On Mon, May 10, 2010 at 2:21 AM, red phoenix rodphoe...@gmail.com wrote: Info: validateJarFile(Q:\Tomcat\webapps\MyApp\WEB-INF\lib\servlet-api.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class get rid of that outdated servlet-api.jar - you don't need it anyways. Rgds Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Re : Tomcat 5.5.29 does not accept connections from outside
Marc, what gives if you call http://192.168.0.6:8080? Rgds Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: help with hosting options and security
On Fri, May 7, 2010 at 9:11 PM, Yucca Nel yucca...@live.co.za wrote: modify serve.xml but how will I do this in production? load server.xml into any editor of your choice, change it, restart tomcat, that's about it loads od support what's that supposed to be? rgds gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Recommendation for log analyzer?
Provided your logfiles are rolling daily: echo Number of errors i file: `grep ERROR [logfilename here] | wget -l` as a start. Seriously: Analyze your requirements and have somebody write a small script which you put into your crontab. Said script can be a simple one or as complex as you like it. Provided you're running on Linux, there's a whole bunch of useful utilities (sed, awk) which could do the job. Rgds Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: issue with Tomcat as service on Windows 2008 server
Just a shot from the hip: When you run TC from the comand-line, I figure you're using startup.bat, right? So, maybe there are some env-variables set in this script (or catalina.bat, classpath.bat), which are not set when running tomcat.exe as a service? Forget my comments in case you're running tomcat6.exe from the comand-line Cheers Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: not able to use two oracle resources/
Could you please come back on that issue next week? My crystal ball is just out for maintenance, and without it I'm not able to read your logs containing the error-message... Rgds Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: General / Special cause under which TOMCAT Crash been noticed
Karthik, *If* any OutOfMemoryError occurs within Tomcat, the reason for said error will be some faulty webapp, meaning it is likely to crash any other servlet-container, too. Therefore, stick to the rules I pointed out above, and you'll be fine: Make sure you have some solutions ready in case of DDoS, see that your OS is stable and on a current patchlevel and scrutinize the software you're installing into Tomcat (aka Webapps) thoroughly - that's about it. Rgds Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: General / Special cause under which TOMCAT Crash been noticed
Karthik, AFAIK there is no study telling the likeliness of any web- / application-server to crash. If there wer such a study, you'd have to specify a 'lot' of possible crash-scenarioes - startung at misbehaviour of admins, ddos, bad webapps etc. Make sure you have some solutions ready in case of DDoS, see that your OS is stable and on a current patchlevel and scrutinize the software you're installing into Tomcat (aka Webapps) thoroughly - that's about it. If I did not understand your question correctly, you might want to rephrase it. Rgds Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: standardize the URL
On Tue, Apr 20, 2010 at 12:54 PM, banto banto...@gmail.com wrote: Hi, i know this can be a silly question but i have the following issue: i want to call my web app with a standard URL as http://host:port/myString how does the url look like when you call your webb-app currently? how would you like the url to look like? rgds gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible to connect to a different database based on the URL?
On Tue, Apr 20, 2010 at 3:00 PM, Shinan Kassam shin...@gmail.com wrote: I currently have custom authentication working using JDBCRealm. Hence, I have some database parameters in server.xml as well as my application. Is it possible to use a portion of the URL as a parameter to connect to a different database. shot from the hip: - specify all databases available inside your context.xml-file - from the url, read a parameter (such as customer=scrooge) - depending on the parameter, create the datasource: try { Context env = (Context) new InitialContext().lookup(java:comp/env); dbDS = (DataSource) env.lookup(customer); if (dbDS == null) { logger.error(seems that ' + dataSourceName + ' is an unknown DataSource); throw new ServletException(' + dataSourceName + ' is an unknown DataSource); } } catch (NamingException e) { logger.error(Exception caught:, e); throw new ServletException(e); } hth gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ASF servers hacked (JIRA, Bugzilla, Confluence)
Don't know if you guys are aware of it, but the above mentioned system have been compromised. According to their blog (https://blogs.apache.org/infra/entry/apache_org_04_09_2010), the ASF infrastructure-team recommends to change your passwords for said systems. Rgds Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The question of automatic restart Tomcat
On Tue, Apr 13, 2010 at 7:46 PM, Jon Brisbin jon.bris...@npcinternational.com wrote: We use automatic restarts on OutOfMemory errors and it works fantastically. I don't do it the way described here, though. I use the JVM's -XX:OnOutOfMemoryError option. I add the following to CATALINA_OPTS: -XX:OnOutOfMemoryError=/usr/sbin/restart_tcserver I'm not aware of that option within my standard sun jdk 1.6.x - what Java-version are you running offering this really useful feature? Cheers Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Strange memory-behaviour using Tomcat Native
Hi there, we do observer a strange behaviour of memory-consuption when running Tomcat within native mode (via jsvc). First, our configuration: Using CATALINA_BASE: /srv/someServer/catalina_base Using CATALINA_HOME: /srv/someServer/catalina_base Using CATALINA_TMPDIR: /srv/someServer/catalina_base/temp Using JRE_HOME:/usr/lib/jvm/java-6-sun Using CLASSPATH: /srv/someServer/catalina_base/bin/bootstrap.jar Server version: Apache Tomcat/6.0.26 Server built: March 9 2010 1805 Server number: 6.0.26.0 OS Name:Linux OS Version: 2.6.26-2-686 Architecture: i386 JVM Version:1.6.0_12-b04 Besides, said Linux-bix is running within VMWare ESX Server 3i 3.5.0 build 123629 We specified the memory inside the startup-procedure as follows: CATALINA_OPTS=-XX:MaxPermSize=384m -Xms512m -Xmx512m -Djava.library.path=$CATALINA_BASE/bin/tomcat-native-1.1.20-src/jni/native/.libs $JPDA_OPTS However, taking a look at memory-consumption using top gives the following: top - 13:04:15 up 7 days, 1:15, 1 user, load average: 0.06, 0.02, 0.00 Tasks: 72 total, 1 running, 71 sleeping, 0 stopped, 0 zombie Cpu(s): 0.0%us, 0.5%sy, 0.0%ni, 99.3%id, 0.0%wa, 0.0%hi, 0.2%si, 0.0%st Mem: 3043600k total, 624960k used, 2418640k free,95288k buffers Swap: 329292k total,0k used, 329292k free, 220852k cached PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 12712 tomcat20 0 967m 77m 8068 S02.6 0:06.84 jsvc Oops - what am I missing here? My expectation where, that CATALINA_OPTS are adhered to, even when starting Tomcat in native mode. The max. memory-consuption I was expecting (in case MaxpermSize is allocated completely would be some 896M. Btw., when giving Tomcat 1024m as Xms Xmx, memory-footprint is around 1.6GB... Anybody has an idea what I might be missing here? TIA Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Strange memory-behaviour using Tomcat Native
Hi Mark, On Thu, Apr 8, 2010 at 1:48 PM, Mark Thomas ma...@apache.org wrote: On 08/04/2010 12:12, Gregor Schneider wrote: Anybody has an idea what I might be missing here? That Java Heap Space + Perm Gen Space OS process Space You are missing the memory used for: - native code - gc - thread stacks I'd agree to that, however, somehow it suprises me that almost 1/2 a GB is used for native, gc, threads stuff - wasn't aware that it is that much, specifically, that the memory-usage of said components seems to be increasing even further when enhancing Xmx / Xmx. Example: When using Xms/Xmx = 512M, MaxpermSize=384M, then the overall footprint is a bit less than 1GB When using Xmx/Xmx=1GB, MaxpermSize=384M, the overall footprint is 1.6GB. That means, for those administrative stuff in the first example less than 100M is used, but in the 2nd example it's more than double the size - is such a common behaviour? Rgds Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Junit and Tomcat
What do you wnat to test specifically? JSPs? Servlets? or just some common Java classes being used by a Servlet / JSP? Rgds Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat 5 does not work on port 80
You can telnet port 80 without any problems? Well, that means there's some application running using port 80, otherwise you wouldn't be able to telnet on port 80. What gives netstat -a? Rgds Gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DB connection error -Tomcat 6 config
ah. come on, chuck, why's that everyone is picking on my nick? *sic* i'm reading and posting from my mobile, which is why i may have not seen andre's post cheers gregor --- just because you're paranoid doesn't mean they're not after you... Am 19.03.2010 um 18:16 schrieb Caldarale, Charles R chuck.caldar...@unisys.com : From: 2smart4u [mailto:rc4...@googlemail.com] Subject: Re: DB connection error -Tomcat 6 config just a quick thought: have you tried installing Tomcat into a directory where it's name is *not* containing any spaces? I would have thought a smart person would be keeping up - André sugg ested that a couple of hours ago, and the OP already noted it would be a good idea. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat ICD-10 compliance
Correct me if I'm wrong, but afaik ICD-10 is nothing but a code describing the hierarchy-structure of disorders like asthma, hayfever, cancer etc issued by the WHO. I do not see how Tomcat or any other web- / application-server should support such a standard: It's the application (here: servlet or jsp) which has to be able to support your favourite ICD-code. Therefore, ask the provider of your software dealing with ICD-codes wether it's ICD-10 compliant or not. Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to get thread dump on Tomcat 6 (windows)
Thread-Dump on Windows: If I'm not mistaken, the key-combination CtrlBreak should do the trick on /most/ JVMs Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to get thread dump on Tomcat 6 (windows)
Hi Chuck, is he running TC as a service? I couldn't find any information on that in the post - otoh, as Rainer pointed out, my eysight seems not to be the best... Just tested it with a sample Java-Swing-Application: - getting a thread-dump with ctrl/break on JDK 1.5, don't get it with JDK 1.6 - hm, strange... Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to get thread dump on Tomcat 6 (windows)
hm, there are only two possible scenarioes I can think of: - either the key-combination ctrl-brk is somehow intercepted in the swing-app I was using (actually pretty unlikely) - german keyboard might interfere but only with 1.6? strrange... cheers gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache httpd vs Tomcat static content performance [some results]
I'm a bit puzzled: In your previous tests it looked like that Apache is outperforming (ok, not really) Coyote w APR when the files grew bigger. In your last results I can't see that pattern - actually, I don't see /any/ pattern... Any idea how come? Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Problems configuring mod_jk
Hi guys, I'm about to update an old Tomcat-instance (5.5.quite_old) to the latest 5.5, also I'm about to update an outdated mod_jk to the latest version. The old config of mod_jk had quite some depricated directions included, so I changed them (opefully) according to the doc I found here:http://tomcat.apache.org/connectors-doc/reference/workers.html However, when I check the logs from mod_jk, I always get the following error-messages (multiple times, I guess it's one for every virtual host in Apache HTTPD): [2009-05-18 19:34:44][18754:3078399680] [error] uri_worker_map_ext::jk_uri_worker_map.c (506): Could not find worker with name 'worker' in uri map post proces sing. However, I do not see where I defined a worker with the name worker. All vhost-definitions within Apache are alike when it comes to the jk-specs, thus I'm just posting a sample vhost-definition: VirtualHost *:443 [ ...] JkMount /SingleSignOnCLUE/* worker JkMount /LoginData/* worker JkMount /j_security_check worker JkMount /IndexCLUE/* worker JkMount /BMIWizardCLUE/* worker JkMount /RRWizardCLUE/* worker JkMount /DiabetesCLUE/* worker JkMount /HyperlipCLUE/* worker JkMount /ForeignTravelCLUE/* worker JkMount /MartialArtsCLUE/* worker # JkRequestLogFormat %b %m %q %s %T [ ...] /VirtualHost My jk.conf: JkWorkersFile /etc/apache2/workers.properties JkLogFile |/usr/bin/cronolog -S/var/log/apache2/mod_jk.log /var/log/apache2/%Y/%m/mod_jk-%d.log JkLogLevel info JkLogStampFormat [%F %T] And here come my workers.properties: # workers.properties - ajp13 # # List workers worker.list=wrkr # Define wrkr worker.wrkr.port=8009 worker.wrkr.host=127.0.0.1 worker.wrkr.type=ajp13 worker.wrkr.connection_pool_size=30 worker.wrkr.connection_pool_timeout=60 worker.wrkr.socket_timeout=60 worker.wrkr.lbfactor=1 worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=wrkr Versions I'm using: Using CATALINA_BASE: /home/tomcat/www Using CATALINA_HOME: /home/tomcat/www Using CATALINA_TMPDIR: /home/tomcat/www/temp Using JRE_HOME: /opt/jdk1.5 Server version: Apache Tomcat/5.5.27 Server built: Aug 28 2008 10:08:26 Server number: 5.5.27.0 OS Name:Linux OS Version: 2.6.18-5-686 Architecture: i386 JVM Version:1.5.0_07-b03 JVM Vendor: Sun Microsystems Inc. Server version: Apache/2.2.3 Server built: Sep 6 2008 09:52:20 OS is debian etch, kernel is 2.6.18-5-686 GNU/Linux Would be great if anyone could shed some light... TIA Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems configuring mod_jk
Hi Rainer, On Mon, May 18, 2009 at 9:35 PM, Rainer Jung rainer.j...@kippdata.de wrote: The error means: you told mod_jk to use it, but you forgot to define it. All vhost-definitions within Apache are alike when it comes to the jk-specs, thus I'm just posting a sample vhost-definition: VirtualHost *:443 [ ...] Lots of mounts telling jk to use a worker named worker (the last token in the line) JkMount /SingleSignOnCLUE/* worker JkMount /LoginData/* worker Oh my I'll have an appointment with an eye-specialist soon, promised... You /definately/ shed some light here... Thanks! Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk: question regarding log-format
hi guys, i'm wondering where - except from the source - i could find the information of what the log-format-parameters actually mean. example: JkLogStampFormat [%a %b %d %H:%M:%S %Y] that's the default format-string, however, in the docs (http://tomcat.apache.org/connectors-doc/reference/printer/apache.html) i can't find what %a and %b mean. I presume that %a tells me the ip-adress and that %b are the bytes, however, i'd really like to read it up somewhere. any clue? tia gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to make request parameters available to a login.jsp?
Chris, On Thu, May 7, 2009 at 4:07 AM, Christopher Schultz ch...@christopherschultz.net wrote: A few questions: Chris, maybe you'll get the hang of this Valve if I explain the business-requirement I had: My primary target was to cirumvent the problem having a framed web-app, where some content is requested after the session has timed out. let's say we have the following website-structure: ++ | menue1| | | menue2| some_content| | menue3| | | menue4| | | menue5| | +-+ (hope the formatting is ok ) some_content is an iframe, and the content of this iframe is changed by selecting one of the left menue-items. The iframe is specified in index.html such as: html body iframe name=some_content src=/protected/somepage.html Some iframe-error-message /iframe /body /html Now let's assume, session is timing out, and after that timeout the user selects one of the menue-entries on the left side. What's happening? The url requested will look like http://mysite/protected/some_stuff; The HTML in that case looks like a href=http://mysite/protected/some_stuff.html; target=some_contentmenue4/a No this triggers j_security_check, but unfortunately j_security_check just stores the last request, and after passing the credentials, you'll won't see your index.html but /protected/some_stuff.html - without the iframe and aboviously without the menue. So the purpose of this Valve is to provide a mechanism which makes sure, that if a non-authorized request comes in requesting anything else but your /protected/index.html, that the original request (i.e. /protected/some_stuff) is replaced by /protected/index.html (or any other url being specified in the Valve-descriptor). Now take a look at some example-Valve-descriptor: Context Valve className=org.apache.catalina.valves.LoginValve protectedPath=/protected redirectAfterAuth=/protected/index.html/ /Context This basically says, that all /non-authorized/ requests to the protected content will be re-routed to /protected/index.html (redirectAfterAuth). 1. Why can't the redirectAfterAuth path be within the protected space? Actually I do not see why this shouldn't be possible: Actually the idea is, that redirectAfterAuth /must/ be in the protected area If you take a look at the first condition: + if (aRequest.getRequestURI().startsWith(protectedPath) + !aRequest.getRequestURI().startsWith(redirectAfterAuth) +!aRequest.getRequestURI().startsWith( + /j_security_check, 10)) { Basically it says: - Only URLs are handled being in my protected area - the URL must /not/ be equal my default protected starting-URL - the URL requested must /not/ be j_security_check The two latter conditions are necessary to avoid an infinite loop when accessing protected content 2. Why do you check to see if the request URI /startsWith/ the redirectAfterAuth instead of being equal to it? Because there might be some parameters after the adress in the URL - i.e., if Cookies are not possible so that the session-information is stored within the URL 3. Why are you checking to see if characters 10 - 16 of the request URI are y_check. Why not check for the whole j_security_check string? Why not check the /end/ of the request URI for j_security_check, since the URI for j_security_check is not required to be /j_security_check but pretty much */j_security_check? You are right with this: Actually I made a mistake here: When j_security_check is triggered, the URL will look like /protected/j_security_check As you can see, in this example it works since /protected is exactly 10 characters long. Therefore, the correct code would be +!aRequest.getRequestURI().startsWith( + /j_security_check, protectedPath.length())) { I'll correct that with a new patch during the weekend. Why do I not ask for the String ending with j_security_check? I was not sure how that URL looks like if session-info is encoded within the URL - therefore I'm using startsWith() 4. Why are killing the session if the authtype is null? Because we experienced with some users, esp. behind company-proxies, that situations may occur where a session still exists, but the Principal was null. Therefore, if Principal is null, better be safe than sorry and make sure you definately have a new session 5. Why does your valve pass-through any requests before the component has started? Is there a valid use case where NOT performing these checks and redirects is appropriate? Nope. I took this code
Re: How to make request parameters available to a login.jsp?
Pid, On Thu, May 7, 2009 at 2:01 PM, Pid p...@pidster.com wrote: Alternative: I don't have this to hand anymore since the original site was changed and I'm not the dev for it anymore, but we put a frame-busting javascript on the login page instead, it loaded our preferred start URL instead of just busting the frame. Not ideal if you want to do it all server-side, but it worked for us. doesn't work for us for several reasons: - few thoused html-pages, meaning you'll have to put the frame-breakout into /every/ page - although most pages are generated by a tool *sic*, the head-sections are mostly different to each other so that we also can't generate such a frame-breakout for every page. Doing so by hand is way too much effort Other than that, your solution is fine, however, due to the above that doesn't work for us. Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to make request parameters available to a login.jsp?
I've suggested a patch to issues.apache.org which might be helpful if Sid wants to implement his own Valve. My patch is a new valve, which diverts the call to a pre-defined URL if j_security_check is called (I had to circumvent the fact that after j_security_check Tomcat is always forwarding to the last request being stored - that doesn't work when dealing i.e. with frames. The benefit for the OP: Since it's a Valve, it's pretty easy to evaluate the url originally requested - not sure, if the parameters are in there but I believe so. Since this Valve is pretty straight forward and lean, it shouldn't be a problem to adapt it so that it might meet Sid's needs. You can find the patch here: https://issues.apache.org/bugzilla/show_bug.cgi?id=46902 Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Slightly OT: log4j - generic log4j.dtd
Thing is, that we have multiple boxes (Debian) running with multiple hosters, so every layout of those boxes is different (i.e. one has Tomcat in /var/lib, the other one in /usr/local, next one in /home/apps/tomcat). Since *some* of our servlets (i.e. our own SSO-mechanism) are runnung in all boxes, I can't use an absolute path since this one is different on quite some of those boxes. Given that usually log4j.xml ist stored in $CATALINA_HOME/webapps/$app/WEB-IF/classes I thought of something like !DOCTYPE log4j:configuration SYSTEM ../../../../common/classes/log4j.dtd That's because our Tomcats are also using log4j instead of Juli. However, that's close to perfect when using all same Tomcat versions, but when mixing Tomcat 5.5 and Tomcat 6 on some boxes, this also doesn't work, since there's no such such as $CATALINA_HOME/common in Tomcat 6. Therefore my idea was to use a Java-property being resolved while pasing log4j.xml, however, the usual meachanism to use Java-properties inside XML-files doesn't seem to work here. Actually the property gets resolved perfectly as you can see within the error-message log4j:ERROR Could not parse url [file:/home/tomcat/www/common/classes/log4j.xml]. java.net.MalformedURLException: no protocol: ${log4j.dtd} at java.net.URL.init(URL.java:567) at java.net.URL.init(URL.java:464) [ ...some more stuff deleted ] but the protocol ist the problem. Oh shit - now that I'm typing I *think* I see the error: One slash after file: seems to be missing... I'll have it changed on Monday when I'm back in the office to -Dlog4j.dtd=/${CATALINA_HOME}/common/classes/log4j.dtd \ and will let you guys know if that works. Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Tomcat users meetup in London
Whish I could have made it to London, however, since I'm packed here like never b4 and - most important - my wife is due with our first kid within the next couple of weeks, I earned a few vetoes :( And concerning why it's quiet on the list: In most European countries today is labour-day meaning a really long weekend. Quite some ppl are making this into one week holidays. So give it a few days, and the list will be back to normal. Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Slightly OT: log4j - generic log4j.dtd
Hi guys, I know it's not a real Tomcat-topic, however, it's close to and I'm wondering if anyone on this list might come up with some kind of a smart solution. Most of you may know the typical first lines of any log4j.xml-config-file: ?xml version=1.0 encoding=UTF-8 ? !DOCTYPE log4j:configuration SYSTEM log4j.dtd So far, so bad. Why bad? Because every bloody servlet needs it's very own log4j.dtd together with it's log4j.xml, which is why I'm looking for a smarter solution. It's a good thing that every servlet has it's onown log4j.xml so that each servlet can be configured - here I would like the idea of a cantral log4j-configuration-file. However, with log4j.dtd things are slightly different since it's always a file with the same content and I really dislike redundancies. So my idea was to use ${CATALINA_HOME}, pass this via -Dlog4j.dtd as a Java-property to Tomcat and evaluate this property within log4j.xml, however, that does not seem to work: [ from catalina.sh ] = CATALINA_OPTS= -Xmx256m -server \ -Djava.awt.headless=true \ -Dlog4j.dtd=${CATALINA_HOME}/common/classes/log4j.dtd \ -Dlog4j.configuration=log4j.xml [ from some log4j.xml ] === ?xml version=1.0 encoding=UTF-8 ? !DOCTYPE log4j:configuration SYSTEM ${log4j.dtd} The result: log4j:ERROR Could not parse url [file:/home/tomcat/www/common/classes/log4j.xml]. java.net.MalformedURLException: no protocol: ${log4j.dtd} at java.net.URL.init(URL.java:567) at java.net.URL.init(URL.java:464) [ ...some more stuff deleted ] I do no that I can pass a URL, so basically some thing like !DOCTYPE log4j:configuration SYSTEM http://localhost/mylog4jconf/log4j.dtd; should work, but I don't like the idea that I have some directory just containg some configuration-files which is accessible via http. I know, I could use a RemoteAdressFilter which just allows connection from localhost for this webapp, but all this looks a bit too complicated /awkward to me. besides, on this box is not only one but a whole bunch of virtual hosts with obviously different domains running. Ah well, before André's complaining: ;) My config is as follows: Using CATALINA_BASE: /home/tomcat/www Using CATALINA_HOME: /home/tomcat/www Using CATALINA_TMPDIR: /home/tomcat/www/temp Using JRE_HOME: /opt/jdk1.5 Server version: Apache Tomcat/5.5.17 Server built: Apr 14 2006 02:08:29 Server number: 5.5.17.0 OS Name:Linux OS Version: 2.6.18-5-686 Architecture: i386 JVM Version:1.5.0_07-b03 JVM Vendor: Sun Microsystems Inc. However, same goes for Tomcat 6 with Java 6 and [put your preferred environment here ] So guys, anyone smart around here? Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: 15 second for redeployment is to much
On Sun, Apr 19, 2009 at 9:43 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: How about pointless? Somewhat akin to debating the number of angels that can dance on the head of a pin. Why pointless? The answer is obvious: 42 scnr... Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: What Tomcat presentations / demos / discussions do you want to see at ApacheCon US 2009?
Hi Mark, - I think an overview of thenew features of Tomcat 7 would be great - Fillip did a talk about the new Servlet Specs 3.0 - Concerning how often questions regarding mod_jk are showing up in the list: mod_jk - HowTo / Best practices - I very much liked the talk becoming a tomcat superuser Mark, I wrote a mail to Fillip since his presentations of the ApacheCon EU (Servlet 3.0 etc.) are not available via the ApacheCon-website, however, seems as if my mail went straight into Fillip's Spam-folder. Could you maybe ask him if he could provide his slight from the last ApachCon? And please /not/ on slideshare.net: 1st, I don't like to register there, 2nd, I'd actually like to avoid installing Flash... Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: What Tomcat presentations / demos / discussions do you want to see at ApacheCon US 2009?
Hi André, On Thu, Apr 16, 2009 at 1:15 PM, André Warnier a...@ice-sa.com wrote: Mark Thomas wrote: [...] How about a session like : Everything you always wanted to know about connecting Apache httpd and Tomcat, but never dared to ask yepp, and Woody Allen as the presenter ;) If you can't get Woody, my suggestion would be Rainer. Cheers Gregor PS.: And since I'm almost certainly not be able to attend the ApacheCon in November, I really hope that some slides will be there... Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: What Tomcat presentations / demos / discussions do you want to see at ApacheCon US 2009?
Hi Mark, On Thu, Apr 16, 2009 at 12:44 PM, Mark Thomas ma...@apache.org wrote: The conference organisers took copies of our slides and promised us they would upload them for us. Oh well. I uploaded mine myself. I'll see if Filip can do the same. well, on some talks the guys having the chair made sure that the slides went onto a USB-stick which then was passed to the organisators for being put on the ApacheCon-website. Fillip actually passed a USB-stick with his slides on among the attendees, unfortunately that stick never made it to my place. If you go to the ApacheCon-Website, you'll find quite some session where it says No material available.. Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Restarting Tomcat from Ant
How about exec dir=${TOMCAT}/bin/ executable=./shutdown.sh / Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: CPU usage with APR and connectionTimeout impact
On Thu, Apr 2, 2009 at 3:37 PM, Taylan Develioglu tdevelio...@ebuddy.com wrote: I think a seperate overview of attributes per connector would be clearer. +1 Somebody got some time to change it in the TC trunk and cis able to reate a bugzilla-RFE with a patch? Any volunteers welcome ;) Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 5 and UTF-8
On Thu, Apr 2, 2009 at 7:30 PM, Je suis la poubelle laps...@gmail.com wrote: On Fri, Mar 27, 2009 at 5:34 PM, Christopher Schultz ch...@christopherschultz.net wrote: Setting charset/encoding is to specify computerized information. It's not just a matter of language. If setting charset in META tag doesn't mean anything to you, the same argument applies to setting charset in HTTP header. Well, this is the only argument I can agree upon. But encoding of HTML/XML is the story of which was there first: The hen or the egg? I'll give you an example based on our dreadful experiences with XML-parsing: Let's say, we have a stream looking like this: ?xml version=1.0 encoding=UTF-8? foobar/foo /xml However, the encoding of the whole stream is done in some wierd encoding you've never heard about. See, the parser needs to know about the encoding /in advance/ to be able to read the encoding from said stream. See the point? Actually, it's a good practice to put the encoding, but that's about it, and same goes for a META-TAG. Talking web, the only thing a parser can rely on is a HTTP-Header. And it's getting really nuts, when it comes to UTF-8: Talking about UTF-8 with or without BOM? Even the specs are not clear about that. In my oppinion, the whole character-set is a pain in the ass: I personally wish IETF came up with some specs saying something like the first n bytes of any stream have to be encoded in ASCII containg length and encoding-type of the rest of the stream. I put that on my whishlist for xmas. Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to debug Error: listenerStart?
On Thu, Apr 2, 2009 at 7:30 PM, Dan Armbrust daniel.armbrust.l...@gmail.com wrote: What would be doing this? Something in my app is preventing this severe error from being passed up to tomcat to be logged - but then my app doesn't log it either - probably because it is stopped before it ever finishes deploying. Your app can't logg /before/ being deployed - that's Tomcat's responsibility. There is obviously some interaction going on between my webapp and tomcat's logging system that I don't know about. - Check out if you find a file like log4j.properties or log4j.xml within your Tomcat-subdirectories (not within you webapps!) and rename it - Check for a file named log4j*.jar and rename it - Check for a file logging.properties within your Tomcat-subdirectories (not within you webapps!) and rename it - Replace the renamed file logging.properties with one from a clean Tomcat-installation - Restart Tomcat Now if there's an error with the deployment, you should find that within Tomcat's logs. Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DataSource from Context files - doesn't work
On Wed, Apr 1, 2009 at 12:07 PM, Mighty Tornado mighty.torn...@gmail.com wrote: Where can I obtain it? You wrote before: I get the following exception in the log when I start the server up: == localhost.2009-03-03.log == at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at so in that log there should be the complete stacktrace of the exception including it's type. Unfortunately my apps are working like charm, so I ain't got an example to cpy and post here... *cough* Rgds Gregor @ Yassine: Availabe for a chat via Google? I got your shirts, remeber... ;) -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: redirection
On Wed, Apr 1, 2009 at 4:22 PM, Peter Crowther peter.crowt...@melandra.com wrote: And, indeed, that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat. Since I'm interested on hard data, too, hand over the facts, please. It's just that I'm curious... Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Re: DataSource from Context files - doesn't work
Hi André, On Wed, Apr 1, 2009 at 4:52 PM, André Warnier a...@ice-sa.com wrote: Gregor Schneider wrote: Unfortunately my apps are working like charm, so I ain't got an example to cpy and post here... *cough* Angeber. Promise to conserve my next exception-log and will send it to you.. ;) Cheers Gregor PS.: To be honest: One app is not working as expected, but there ain't no exception-log *ouch* -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: redirection
Peter, On Wed, Apr 1, 2009 at 4:58 PM, Peter Crowther peter.crowt...@melandra.com wrote: And, indeed, *assuming* that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat. I'd also be very interested to see the evidence (either way) on that. See, I believe in the statement that the more components you're adding to an environment, the more possibilities there are for a security-hole. However, to believe is not to know... However, when I check full-disclosure and other security-lists, I see few issues referring to Tomcat, but I see quite some issues referring to HTTPD and it's modules. I guess if you're once able to break HTTPD and found your way into the box, harm is on it's way. I further /believe/ that from this point it makes sense to use as few components as possible. Anyhow, that's what I believe, not what I know. Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: redirection
Martin, On Wed, Apr 1, 2009 at 6:53 PM, Martin Gainty mgai...@hotmail.com wrote: Gregor can you elucidate any documented security holes in Apache HTTPD? Most of them are fixed, but it proofs that there are quite some, and I bet there will be some full disclosure in future. For a start: http://www.google.de/search?q=full+disclosure+apache+httpdie=utf-8oe=utf-8aq=trls=org.mozilla:de:officialclient=firefox-a Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DataSource from Context files - doesn't work
If you haven't specified a console-logger: catalina.out Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Surprising auto-(un)deploy behavior
On Tue, Mar 31, 2009 at 10:56 AM, Rainer Frey (Inxmail GmbH) rainer.f...@inxmail.de wrote: Then, is this intended behavior, or a bug? Rainer Making a long story short: It's expected behaviour. From the Tomcat 6 documentation (http://tomcat.apache.org/tomcat-6.0-doc/deployer-howto.html): === [ snip ] Deployment on Tomcat startup If you are not interested in using the Tomcat Manager, or TCD, then you'll need to deploy your web applications statically to Tomcat, followed by a Tomcat startup. The location you deploy web applications to for this type of deployment is called the appBase which is specified per Host. You either copy a so-called exploded web application, i.e non-compressed, to this location, or a compressed web application resource .WAR file. The web applications present in the location specified by the Host's (default Host is localhost) appBase attribute (default appBase is $CATALINA_BASE/webapps) will be deployed on Tomcat startup only if the Host's deployOnStartup attribute is true. The following deployment sequence will occur on Tomcat startup in that case: 1. Any Context Descriptors will be deployed first. 2. Exploded web applications not referenced by any Context Descriptor will then be deployed. If they have an associated .WAR file in the appBase and it is newer than the exploded web application, the exploded directory will be removed and the webapp will be redeployed from the .WAR 3. .WAR files will be deployed Note again that for each deployed web application, a Context Descriptor will be created unless one exists already. === [ snap ] Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Slow servlet response under WinXP Pro
Chris, my experience with those scanners (slowest on top): - Symantec (Norton) - Kaspersky - McAffee However, those experiences are based on workstations only. I do know that at least some of those scanners do have different enterprise soltutions. However, I guess experiences may vary, so you have to measure. Measuring only works in a defined environment, so that even if there /were/ any benchmarks, they might not mirror the situation within /your/ environment. Therefore, IMHO, if Linux is not an option for some weird political reason, I'd ask those AV-vendors to get me a version which I could test for a month. After 3 months of tests you should know which scanner is best for your requirements. Coming back to the OP's problem: For a quick solution /knowing/ that my actual scanner is the bottleneck, I definately would give some different scanners a try and see if that helps. Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Hosting Recommendations.
Wesley, if Germany is an option, I'd have 2 recommendations for you: One lowcost (starting at @ €40-something) and one premium-hoster (starting @ around € 250 per box). Prices are per month, and it's We're using both of them for our company and we're highly satisfied. Drop me a line if you want their contacts. Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Profiling tomcat applications with -Xrunhprof (Tomcat runs asa Windows Service)
On Tue, Mar 31, 2009 at 5:19 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Profiling tomcat applications with -Xrunhprof (Tomcat runs asa Windows Service) Are you trying to get profiling data, or are you trying to get a thread dump? No, he's looking for heap profiling. I think you're describing the process to get a thread dump (which is CTRL-\, /not/ CTRL-C, which will kill your process). Talking about thread-dumps: I guess Johannes is using a German keyboard. On a German keyboard, a Java-thread-dump is triggered by StrgPause (That's CTRLBREAK translated). HTH Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat service won't start
Since you're not using an original Tomcat-download but a pre-packaged version: - Did you do an emerge recently? - What gives netstat -lnp? - What's the Centos-package-maintainer's oppinion on that? Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: configuring tomcat with apache and eclipse.
On Mon, Mar 30, 2009 at 6:35 PM, Yassine elas...@users.sourceforge.net wrote: if i were you i would use only eclipse + tomcat for my development and when ever i want to test some Apache related configurations i will then do the configurations manually. afaik there is nothing (plug in) that takes care of Apache web server configurations in eclipse. +1 Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: configuring tomcat with apache and eclipse.
Wes, On Mon, Mar 30, 2009 at 7:23 PM, Wesley Acheson wesley.ache...@gmail.com wrote: It was because of the SSL stuff I haven't learnt how to set up SSL with tomcat. I'm curious: What's the benefit having Tomcat run in SSL-mode for Servlet / JDP-development? Okay but as far as I know when you make any trivial change in eclipse, It builds an entire WAR file and restarts its tomcat instance which means lost sessions really annoying if your working on the forth step of a 4 step process. and also it means Its slow to develop. That's definately wrong. Eclipse won't restart Tomcat but will re-deploy the war-file. I'm not too sure about the next one. I remeber that here's a discussion going on here about losing sessions during re-deplyment: AFAIK a session is only lost after you stop an application - not during redeployment. However, there's a small catch: If you change the class which is added to a session as a sesson-attribute, I'm pretty much sure that the session will be lost, since deserializing the session-data might not work any more. Maybe one of the guys here can shed some more light how it's /supposed/ to be. There's an interesting thread here on the list regarding the loss of sessions during re-deployment which some consider a bug, and there's even a workaround for that bug: http://www.nabble.com/Session-lost-when-app.-is-redeployed-td22660549.html My personal oppinion: When I re-deploy a webapp (and the webapp is changed!), a session /must/ be lost, otherwise serialization / de-serialization of session-data might end up somewhere in Nirvana. Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat service won't start
Sergio, please do the following: - remove (rename) your catalina.out and try to start Tomcat with /etc/init.d/tomcat5 start (or whatever name your startup-script has) After that, the log-file should hopefully be a bit shorter. I'm a bit puzzled since your having quote /some/ errors in the previous log, starting with connection refused, ending with NoClassDefFound. One of my favourite words for the day: If you want to have an elephant for breakfast, you'll have to cut it into small pieces first.. No let's start to cut: 1. The entry INFO: Pausing Coyote HTTP/1.1 on http-8080 tells me you're trying to run Tomcat on port 8080 - correct? Can you please verify this by posting the Connector-element from your server.xml? 2. java.lang.NoClassDefFoundError: javax/servlet/http/HttpServletRequest: Could you please provide the directory-listing from ${CATALINA_HOME}/common/lib? 3. Now think: Usually, programs just don't mutate (at least, most of them ans esp. Tomcat). Now what have been your recent actions on that server? Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: configuring tomcat with apache and eclipse.
Chuck, actually Nirvana is a pretty good place but for serialized / de-serialized sessions ;) Anyway: On Mon, Mar 30, 2009 at 8:38 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: Are you saying you run a production Tomcat under Eclipse? That's insane. I'm understanding this scenario in such a way that there's a test/dev-environment that being a 1:1-copy of the production-environment. Makes sense, IMHO. However, what doesn't make sense is to use all the SSL-stuff when developing apps - unless you develop a SSL-aware-app. So calm down, think of your heart, I believbe the OP is just having an unusual development-environment. Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Slow servlet response under WinXP Pro
Jon, On Mon, Mar 30, 2009 at 8:45 PM, jo...@catholic-doc.org wrote: There is no native JDBC driver for Navision, so I have to use the ODBC version. ODBC is usually already a show-stopper on Java I think I may have found the problem, but I do not know how to fix it. All of our systems (including the production server) have Symantec virus software running. Well, maybe you should use an /anti-virus-software Symantec will slow down the process. When I turn the virus checking off, the application runs very well, when I turn the virus checking on, I experience the slow screen display So your problem is not Tomcat since Tomcat is not aware of any virus-protection nor interacts it with it. As long as you keep Symnatic running with your current configuration, you'll have to face the performance-problems. I'll bet my bottom penny that if you use a different servlet-cpntainer such as Resin, the problems will persist. Does anyone know of a solution to this problem? Erm - use Linux? But... I have been told that turning off the virus scanning on the production box is not an option. I have also been told that Linux is not an option. Well, maybe try a different scanner? Ever tried McAffee? Where do I go from here? I suggest to Symantec's support-site Sorry that I don't have any good news for you... Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: configuring tomcat with apache and eclipse.
Chuck, On Mon, Mar 30, 2009 at 8:52 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: Perhaps, but then why would the OP be concerned about losing session information when updating with Eclipse, if this were only for test/development? Maybe the he's too lazy to login every time? Who knows... So calm down, think of your heart Heart's fine, and I just spent a day instructing a student in an RS4, so I'm quite calm; now if I could only figure out how to afford one (and pay for the gas). Calm? I guess I'd be a piece of dead meat if somebody else but me was driving =8) And since we're having a multi-nationale-multi-universal-car-financial-you-name-it-crises, I'm pretty sure care-prices are going to drop. And for the gas: Ever thought of solar-cells on the hood? ;) I'll call it a day now, see you guys tomorrow! Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Where to Place .dll files in TOMCAT?
Martin, I believe the OP doesn't know what an .so-file is. I'm also not sure if there's something like execute-privileges in Windows. Besides, he's talking about Tomcat 6, and I can't find anything like a shared-folder in Tomcat 6. My knowledge about all this library-stuff on MS Windows (btw: Which version? Vista? XP?) is quite limited, but I believe it's a bad idea in general just putting this stuff into a system-folder like system32. If those libraries are called via JNI (which is something I also dislike), they have to be put into $CATALINA_HOME/lib. You also have to set the Java-property java.library.path accordingly. A brief overview can be found here: http://forums.sun.com/thread.jspa?threadID=780109 Please note that this description is for Tomcat 5 - meaning don't put them into lib/shared but into lib. My preferred solution would be to put those dlls int [your_app/WEB-INF/lib] so that a strict separation from your app-files and Tomcat is maintained, however, I believe that setting the property java.library.path within your webapp won't help since the Tomcat-class-loader might interfere, but I'm not sure about that - comments on that, anyone? Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Forwarding from one Context to another
Brandon, within the Context-definition of the COntext *from* where you want to forward, you'll have to specify Context path=[Pfad] crossContext=true ... / Forwarding works like this: ServletContext otherContext = servletContext.getContext(/othercontext); // The context may be null if the application server does not permit cross-context access. if (otherContext != null) { ... } HTH Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Forwarding from one Context to another
Brandon, please reply to the list so that other ppl also benefit from this. On Sun, Mar 29, 2009 at 3:22 PM, behofm...@gmail.com wrote: Thanks for the quick reply! After using the approach you mentioned, I would then use the RequestDispatcher to complete the forward to the new context. Correct? Haven't done that myself, but as I understand it, yes. It's important that you use the dispatcher from the context you're forwarding to - in the example above that's the otherContext: RequestDispatcher rd = otherContext.getRequestDispatcher() Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SEVERE: Null component Catalina:type=DataSource
1st: I Agree to Yassine that it would be helpful if you could provide some logs. 2nd: If I'm not mistaken, you're using the Tomcat5-syntax which has changed since Tomcat 6. Have l look here: http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html I.e., the username-attribute becomes connectionName-attribute etc. Please look it up, change your settings and let us know if it works now. If not, please provide - your complete context-definition - your complete deplyment-descriptor - the logs Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SEVERE: Null component Catalina:type=DataSource
Mea culpa, Chuck, you're right... On Fri, Mar 27, 2009 at 3:21 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: A week in Amsterdam, and... How much have you guys been drinking? :-) erm... actually I wasn't drinking :) so let's just wait for the logs Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache load balancer for windows 2003 (64bit)
http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/win64/ Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: job announcement - Software Architect
Martin, On Sat, Mar 21, 2009 at 9:50 PM, Martin Gainty mgai...@hotmail.com wrote: test driven means if I create a component as a developer I need to install a JUnit testcase that will test the requisite function Actually there's a bit more behind it. Usually, you start to design an application starting with some UseCases, Sequenz-Diagrams, Action-Diagrams, Class-Diagrams etc. So basically you have a MDA (Modell Driven Architecture) reflecting / incooperating *all* business-requirements (hopefully...) When Using TDD, all of that is left behind. The flow of activity is like - analyse the problem / requirement - write a test reflecting the requirement - code something on which the test will not fail As you can see, TDD is more something being used for small projects. I'd even say that what we understand as a project is already too big for pure TDD. TDD is great if you have a small problem, need ti implement a new requirement or just fix a bug / unwanted behaviour. IMHO it's useless for real-world projects having a certain complexity and size. Besides, if you are using something like MDA, you start up like outlined above, however, one you start to implement, you don't start to code but you start to write some tests for the smallest parts aka classes. IMHO tests should mirror the requirements aka modells, however, I do not think that the process should start with tests but tests should come after the design is roughly set. Rapid Iterative Development means make as small a piece of functionality such as a component and then add ancillary functions such as this project requirement The thing is, that we all want the requirements to be complete once we start with the development (which, in my understanding, consists of analyses, design, test, implementation). However, most of us know that requirements almost never are complete. Therefore, one tries to accept the fact and uses something like RID (being developed from RAD). The lifecycle is: - Requirements capture - Analysis - Design - Implementation - Testing After that again starting with requirements capture. This seems to be perfect - but hold it: As you can imagine, it's almost impossible to estimate the effort for a project, since you don't know all requirements beforehand. So the big challange will be to convince your customer that this will not be a fixed-price / fixed-time-project, however, he (the customer) will definately benefit since this approach is most flexiable, you are able to shortly implement new requirements (i.e. market-conditions, new legal requirements etc.). The problem still is: Most customers don't actually know their own requirements, they don't know what they want / need, but still they want a statement on what the project costs and how long it will take... Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Slightly OT: Who is attending the Tomcat courses on Monday Tuesday
Pieter, I'll be there starting on Tuesday Hackaton (actually will be arriving sometime on Monday) and stay until Friday. Btw., I found this site quite helpful: http://aceu2009.crowdvine.com/ Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: help building a proxy
On Sat, Mar 21, 2009 at 1:06 AM, Richard Langly richard.ringo.lan...@gmail.com wrote: If you mean that there are no modifications to the original request or even the response, then yes. It's to be a transparent proxy. So why do you try do build your own proxy? I've a similar setup using TinyProxy - that's just perfect. You can even make TinyProxy listen to localhost only, then, on your client-machine, setup Putty with port-forwarding, connect via putty to your proxy-machine and enter localhost:forwarded TinyProxyPort as a proxy within your web-browser and you're all set. Might be that I misunderstood your intentions, but if it's about circumventing some censorship, then this is an almost perfect setup ;) Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: help building a proxy
Richard: Are you looking for a transparent proxy? I.e., circumvent some censorship? Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with SSL server/ network configuration
On Fri, Mar 20, 2009 at 12:10 PM, i_am_superman ee...@objectivation.nl wrote: If anyone else has another idea, please respond. How about a self-seigned cert? A nasty browser-window will pop up once, however, the users could import the server-cert into their browser, and then they#re done Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with SSL server/ network configuration
On Fri, Mar 20, 2009 at 12:36 PM, André Warnier a...@ice-sa.com wrote: Considering the amount of taxpayer money that governments are currently pumping into failed financial institutions and car makers, I'm sure they could afford a 400 € certificate, no ? Or is it that bad ? +1 Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with SSL server/ network configuration
Peter, On Fri, Mar 20, 2009 at 2:05 PM, i_am_superman ee...@objectivation.nl wrote: I just don't understand it; how do hosting companies host 2 sites on one box with a certificate each? That'll be a lot of IP address juggling.. Well, we f.e. do have a box 8ok, actually two boxes behind a loadbalancer), each having 8 different IP-addresses - one for each site I guess that's no uncommon setup. Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: very off topic marketing question
Just ask them to google for security-issues linked to PHP and issues linked to any servlet-container (aka Tomcat). If they want it more specific, ask them to read through some relevant mailing-list-archives such as full-disclosure. OK, that's not about performance, but we f.e. do not use PHP due to it's security-footprint. Sure, if one know his ways arround in PHP and know the sources of every module used in PHP and has checked them for any security-concern, it may work - however: I've never met such a person... Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: error page configuration
This is not a Tomcat-related question but a question relating to Servlets in general. http://edocs.bea.com/wls/docs61/webapp/web_xml.html#1017571 Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat for dummies, subtopic Acronyms
André, On Wed, Mar 18, 2009 at 7:37 PM, André Warnier a...@ice-sa.com wrote: Nope, just that after people keep throwing mysterious acronyms at me, and several of them start to use the same ones, I get curious. Since I believe one of those people was me, I hope throwing stuff at you didn't hurt too much :) Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tracing port to port
André, two questions: what type of conenction is the servlet using? Is it RMI, Socket, something else? If you're not happy with Wireshark, there might be an approach which takes a bit more effort but might work in case the Java-classes are not obfuscated: Talking RMI: - try to decompile the Java-classes from the war (nice software to do that might be http://java.decompiler.free.fr or simply try JAD) - find the RMI-interfaces - write an RMI-proxy which dumps the information using either console-output or log4j or whatever you like - after that, forward the RMI-information from the proxy to the Java-Demon Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tracing port to port
On Wed, Mar 18, 2009 at 3:47 PM, Christopher Schultz ch...@christopherschultz.net wrote: Wireshark does full TCP capture but also understands protocols, so it will show you only the HTTP details for a particular packet, etc. But will this help to find out the characterset of encoded string in an RMI-object? If I understand André correctly, he wants to find out the encoding dirung the communication between servlet java-demon - I doubt that this goes as HTTP over the wire. @André: Maybe you could give a more detailled description of your problem, so that we might come up with some more helpful ideas? Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: form parameters
On Mon, Mar 16, 2009 at 3:10 PM, Mikolaj Rydzewski m...@ceti.pl wrote: It doesn't work for me. By default Tomcat uses ISO-8859-1 encoding. And it will try this encoding to parse input parameters. That's true, I'm doing the same here for German Umlaute, however: One link in the Wiki is pointing to HTTP specification section 3.4.1, however, there's something that I do not understand: The specs say in 3.4.1: quote HTTP/1.1 recipients MUST respect the charset label provided by the sender; and those user agents that have a provision to guess a charset MUST use the charset from the content-type field if they support that charset, rather than the recipient's preference, when initially displaying a document. See section 3.7.1. /quote So, for me as a non-native English speaker, I understand it in such a way that your conent-encoding must be obliged - or do I get it wrong here? So, if in the content-encoding UTF-8 is specified, why isn't it accepted then? Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: form parameters
If found this one: http://www.w3.org/TR/html401/interact/forms.html#adef-accept-charset Actually, to me it's not clear why Tomcat should believe the input being encoded in ISO8859-1, when one can give a detailled information how the form-data is encoded. If I understand it correctly, one can even *force* any client (as long as the client is following the specs) to encode the form-data using the accepeted-charset-attribute of the Form-element. IOW: Setting accepted-charset=UTF8 should solve the problems. Comments, anyone? Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Stack overflow when creating a session
Since Struts is very well tested on Tomcat (btw: which versions are you running?), I wouldn't believe this being a Tomcat / Struts-problem but a problem of your app. Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Stack overflow when creating a session
So how should we help you then without knowing your application? Remeber: This is a Tomcat-mailinglist. However, since some guys here do have quite some Struts-know, maybe you're lucky if providing sufficiant information... Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Howdy ! A little help ?
- take a look into your server.xml-file: somewhere you shoudl find the Host-element: just add the attribute appBase in there and you're set. however, since you're running a pre-packed Tomcat, I don't know where centOS is storing the Tomcat-config-files - will be your part to find that out. further info about the Host-element can be found here:http://tomcat.apache.org/tomcat-6.0-doc/config/host.html rgds gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] RE: Max Number of users
Chris, On Fri, Mar 13, 2009 at 2:59 PM, Christopher Schultz ch...@christopherschultz.net wrote: Generator: 10 fingers and some brain Cute. I do have the copyright on that one, however, I put it under the GPL - ooops - did I say GPL? I mean Apache License 2.0 ;) Regds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Lazy Virtual Hosting?
Chris, On Fri, Mar 13, 2009 at 3:18 PM, Christopher Schultz ch...@christopherschultz.net wrote: Another potential reason for using separate Connectors is to (somewhat) guarantee availability of each of your webapps. If you have an Executor with 100 threads available, a single webapp('s users) can consume all the threads and (temporarily) starve the other webapps. That's a very interesting thought - thanks for that one! Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org